<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services)

Elevated scanning: TCP port 135 (RPC) AND 445 (Domain Services)

From: Nicholas Weaver <nweaver_at_CS.berkeley.edu>
Date: Tue, 27 Jan 2004 10:19:00 -0800

At several locations we have seen a significant elevation in
scanning on TCP ports 135 AND 445. The scannig machines are scanning
both ports, and seem to be doing a semirepeated scan (sometimes
attempting multiple tries at the same destination).

This looks somewhat like a worm scan or widely distributed
scan which is targeting the windows RPC port and is also looking for
domain controllers (to attack? To find other targets? To
authenticate with other possible targets?)

Does anyone have more information on this?

Especially anybody with a windows honeypot?

-- 
Nicholas C. Weaver                                 nweaver_at_cs.berkeley.edu

Received on Jan 27 2004

This message: [ Message body ]
Next message: http-equiv_at_excite.com: "GOOROO CROSSING: File Spoofing Internet Explorer 6"
Previous message: Jesse Keating: "[FLSA-2004:1187] Updated screen resolves security vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]